Stronger Automation and Visibility Across AI-Driven Hybrid Networks
Modern enterprise networks now span on-premises, cloud, and edge environments. As complexity grows, security and network teams are expected to move faster while maintaining consistent policy enforcement, control, and audit readiness across increasingly fragmented systems.
In this environment, automation is no longer optional. Manual workflows, incomplete visibility, and disconnected tools slow response times and increase the risk of misconfigurations that often go undetected until they cause real impact.
Tufin R25-2 Feature Release 2 delivers targeted enhancements that strengthen automation, improve policy visibility, and extend control across hybrid environments. This release introduces AI-assisted policy insights, more accurate enforcement visibility, and expanded support across SD-WAN, firewall, and virtualized environments.
Why Hybrid Complexity Breaks Traditional Controls
Security and network teams operate under constant pressure to move fast without introducing risk. Hybrid networks span multiple vendors, platforms, and policy models, each with its own logic, tooling, and limitations, making even small changes difficult to validate for impact and compliance.
As environments scale, policy exceptions accumulate, segmentation weakens, and overly permissive access becomes harder to identify. Without consistent visibility and reliable automation, teams are forced to react to issues after they occur rather than prevent them proactively.
The result is fragmented control: teams lack a unified control plane to understand, manage, and automate security policy across all environments. This is where the new Tufin R25-2 Feature Release 2 helps organizations close that gap.
What’s New in R25-2 Feature Release 2:
TufinAI Assistant USP Exception Search
Building on TufinAI’s momentum with TufinMate and TufinAI Assistants for rule and device search, TufinAI continues to evolve into a foundational layer of our unified control plane, enabling organizations to accelerate issue resolution, reduce operational friction and risk, and scale security operations as network complexity grows.
This release introduces TufinAI Assistant for USP Exception Search, transforming how teams manage and locate Unified Security Policy (USP) exceptions.
Instead of manually filtering through exception lists or constructing complex queries, security teams can now search using plain language. Simply type “Show me all exceptions that allow Internet access” or “Show me all rule exceptions for AWS accounts,” and TufinAI instantly returns relevant results in the Exceptions Viewer.
This capability simplifies exception management, reduces time spent on manual searches, and helps teams quickly identify compliance and security gaps across hybrid networks. Whether you’re investigating potential policy drift or preparing for an audit, finding the right exceptions no longer requires specialized query knowledge.
Fortinet Policy Blocks Support
Organizations using Fortinet FortiManager now gain deeper visibility into policy block structures. Tufin analyzes Fortinet policy blocks to identify overly permissive rules, delivering accurate insight for traffic interpretation, compliance validation, and access request automation.
This enhancement eliminates a persistent pain point, false-positive compliance alerts caused by incomplete visibility into policy block structures. With accurate policy block interpretation, compliance checks become more reliable, troubleshooting accelerates, and change management workflows run more smoothly.
The result is faster application delivery, clearer visibility into policy dependencies, and simpler audits. Teams spend less time chasing phantom compliance issues and more time addressing real security risks.
Open Policy Model (OPM) Designer Customization
Automation delivers value only when it aligns with organizational standards. The OPM Designer customization feature allows teams to tailor automated rule suggestions to their internal governance requirements, including naming conventions, rule placement, and comment standards.
As a result, automated policy changes no longer require manual adjustments to meet internal guidelines. When SecureChange+ proposes a new firewall rule, it is generated in the correct format, properly named, correctly placed within the policy, and documented with standardized comments.
The impact is twofold. Teams gain greater consistency across policy changes, reducing confusion and improving long-term maintainability. At the same time, automation becomes more scalable, as suggested changes can be implemented directly without time-consuming reformatting.
Expanded Aruba EdgeConnect Visibility
As SD-WAN adoption accelerates, organizations need the same level of visibility and control over these environments as they do for traditional firewalls and routers. This release adds support for HPE Aruba EdgeConnect SD-WAN devices, bringing them fully into Tufin’s unified control plane.
Security and traffic policies from EdgeConnect are now visible, validated, and governed alongside all other network devices. This enables stronger segmentation enforcement across hybrid networks, reduces the risk of misconfigurations during SD-WAN changes, and simplifies audit preparation.
Teams also gain complete end-to-end traffic-flow visibility that improves incident response. When investigating connectivity issues or security events, teams can now see the full path, including SD-WAN segments, rather than only traditional network devices.
Expanded Rule Optimizer Support for VMware NSX
For organizations using VMware NSX for microsegmentation, Tufin now extends rule optimization capabilities to analyze Distributed Firewall (DFW) rules for excessive permissiveness and provide traffic-based recommendations to tighten them.
This automated optimization reduces attack surface by enforcing least-privilege access within virtualized environments. Instead of manually reviewing hundreds or thousands of DFW rules, teams can rely on Tufin to identify rules that allow broader access than required based on observed traffic patterns.
Beyond immediate security gains, automated rule optimization saves time, strengthens overall security posture, and supports continuous compliance as VMware NSX environments grow and change.
Extending Unified Control Across Hybrid Networks
Tufin R25.2 Feature Release 2 expands the Tufin unified control plane, delivering unified visibility, automated policy orchestration, and continuous compliance across hybrid network environments. The enhancements in this release work together to bring more infrastructure under centralized control, apply automation that aligns with organizational standards, and use AI-powered insights to make critical policy and security information easier to access and act on.
For network and security teams, this translates to faster troubleshooting, more accurate compliance validation, and more efficient change management. For the broader organization, it means maintaining consistent security posture, control, and audit readiness, even as network complexity continues to grow.
Tufin R25.2 Feature Release 2 is now available.
To learn more about this release or see how these capabilities apply to your organization, please contact your Tufin representative or request a demo.
Ready to Learn More
Get a Demo
